diff options
| author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-03-17 17:28:24 +0100 |
|---|---|---|
| committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-03-18 22:39:55 +0100 |
| commit | 8a74bb5c7becbd7492f4445b852602c3e88ba143 (patch) | |
| tree | 2c05b9acac1ea6b781e3e0eb035d385f14f5a470 /crypto/ec/ec_mult.c | |
| parent | Clear the secret point in ecdh_simple_compute_key (diff) | |
| download | openssl-8a74bb5c7becbd7492f4445b852602c3e88ba143.tar.xz openssl-8a74bb5c7becbd7492f4445b852602c3e88ba143.zip | |
Clear the point S before freeing in ec_scalar_mul_ladder
The secret point R can be recovered from S using the equation R = S - P.
The X and Z coordinates should be sufficient for that.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8504)
Diffstat (limited to 'crypto/ec/ec_mult.c')
| -rw-r--r-- | crypto/ec/ec_mult.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 9b0aac2313..c76c528048 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -378,7 +378,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, err: EC_POINT_free(p); - EC_POINT_free(s); + EC_POINT_clear_free(s); BN_CTX_end(ctx); return ret; |